The disruption to the manufacturing lines lasted one day, Edge Markets reports. Toyota's suspension of production in Japan, which a cyberattack on a third-party supplier induced, is now over. Researchers at JFrog report finding five security vulnerabilities in PJSIP, "a widely used open-source multimedia communication library developed by Teluu."
PKWARE COVER PHOTO FULL
Huntress counsels that preventive measures alone are insufficient for protection, and that organizations should make full use of logging, monitoring, and hunting. Huntress updates its research into an APT it associates with North Korea, and which is generally being called "BabyShark." The threat actor's operational practices are consistent with those Palo Alto Networks last month observed being used earlier against think tanks, and Huntress says the attack it observed "was significantly customized and tailored to the specific victim environment, indicating a targeted attack." The initial infection vector was phishing.
The CyberWire's continuing coverage of the unfolding crisis in Ukraine may be found here. There are also reports that some FSB files have been taken. That's unlikely to have any tactical effect, but it can't be good for either morale or for Russian confidence in the security of its networks. Ukrainska Pravda reports that "The Centre for Defence Strategies has acquired the names of 120,000 Russian servicemen who are fighting in Ukraine." These have been posted online. Of arguably more significance have been signs that Ukraine has been able to obtain, and publish, material from online Russian sources. Ukraine has shown some ability to attract hacktivists and volunteer hackers to its cause, the Wall Street Journal reports, and Vice describes some of their activities, many of which have taken the familiar form of vandalism, defacing websites and performing other mischief. Ukraine and its sympathizers strike back against Russia in cyberspace. US support operations in particular are said to be unaffected. There are reports of "local" Russian jamming of GPS in and around Ukraine, but so far, Breaking Defense reports, their effect seems relatively contained. Kaspersky assesses the ransomware as misdirection for the wiper campaign, which would be consistent with Russian practice at the outset of the war against Ukraine. CrowdStrike has also detected the Go-based ransomware, which it's calling "Party Ticket," but which it confirms is the same malware as HermeticRansom. ESET has also found HermeticRansom in the wild, which adds a capability for extortion to the campaign. The company says it's detected a worm, HermeticWizard, that's spreading HermeticWiper, which, as its name suggests, is data-erasing malware.
PKWARE COVER PHOTO UPDATE
SecurityWeek has an update on ESET's research into Russian cyberattacks against Ukrainian targets. Russian cyberattacks against Ukraine were under preparation for some time before the invasion. Cyber conflict continues at a low level, and the slow Russian invasion of Ukraine has moved into a more brutal, indiscriminate phase.
0 kommentar(er)
